Getting error 60 of curl to cygwin setup

Brian Inglis Brian.Inglis@SystematicSW.ab.ca
Tue Mar 19 16:35:06 GMT 2024


On 2024-03-19 08:02, ASSI via Cygwin wrote:
> J M via Cygwin writes:
>> $ curl -vvvv -O https://cygwin.com/setup-x86_64.exe
>>    % Total    % Received % Xferd  Average Speed   Time    Time     Time
>>   Current
>>                                   Dload  Upload   Total   Spent    Left
>>   Speed
>>    0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--
>>    0* Host cygwin.com:443 was resolved.
>> * IPv6: (none)
>> * IPv4: 8.43.85.97
>> *   Trying 8.43.85.97:443...
>> * Connected to cygwin.com (8.43.85.97) port 443
>> * ALPN: curl offers h2,http/1.1
>> } [5 bytes data]
>> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
>> } [512 bytes data]
>> *  CAfile: /etc/pki/tls/certs/ca-bundle.crt
>> *  CApath: none
>>    0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--
>>    0{ [5 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Server hello (2):
>> { [70 bytes data]
>> * TLSv1.2 (IN), TLS handshake, Certificate (11):
>> { [1023 bytes data]
>> * TLSv1.2 (OUT), TLS alert, unknown CA (560):
>> } [2 bytes data]
>> * SSL certificate problem: unable to get local issuer certificate
>>    0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--
>>    0
>> * Closing connection
>> curl: (60) SSL certificate problem: unable to get local issuer certificate
>> More details here: https://curl.se/docs/sslcerts.html
>>
>> curl failed to verify the legitimacy of the server and therefore could not
>> establish a secure connection to it. To learn more about this situation and
>> how to fix it, please visit the web page mentioned above.
> 
> Either your cert store is corrupt or something is breaking up the SSL
> connection via MITM.

What do you see when you run these commands:

$ file /etc/pki/tls/certs/*
/etc/pki/tls/certs/ca-bundle.crt:       symbolic link to 
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
/etc/pki/tls/certs/ca-bundle.trust.crt: symbolic link to 
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
$ grep -c '^-----BEGIN.*CERTIFICATE-----$' 
/etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:380
/etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem:124
/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem:301
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:156
$ grep '^#\s\(ISRG\|R3\)' /etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# ISRG Root X1
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# ISRG Root X2
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# R3
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# ISRG Root X1
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# ISRG Root X2
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# R3

-- 
Take care. Thanks, Brian Inglis              Calgary, Alberta, Canada

La perfection est atteinte                   Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter  not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer     but when there is no more to cut
                                 -- Antoine de Saint-Exupéry


More information about the Cygwin mailing list